Java tutorial
/* * JOSSO: Java Open Single Sign-On * * Copyright 2004-2009, Atricore, Inc. * * This is free software; you can redistribute it and/or modify it * under the terms of the GNU Lesser General Public License as * published by the Free Software Foundation; either version 2.1 of * the License, or (at your option) any later version. * * This software is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU * Lesser General Public License for more details. * * You should have received a copy of the GNU Lesser General Public * License along with this software; if not, write to the Free * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA * 02110-1301 USA, or see the FSF site: http://www.fsf.org. * */ package org.josso.jb5.agent; import java.security.Principal; import javax.security.auth.Subject; import javax.security.jacc.PolicyContext; import javax.security.jacc.PolicyContextException; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; import org.jboss.security.SecurityConstants; import org.jboss.security.SecurityContext; import org.jboss.web.tomcat.security.JBossWebRealm; /** * JBoss Realm that overrides hasRole method * and creates CatalinaSSOUser (GenericPrincipal) * from the active subject (for SSO security domain) * so roles can be processed by base tomcat/jboss realms. */ public class JBossCatalinaRealm extends JBossWebRealm { private static final Log logger = LogFactory.getLog(JBossCatalinaRealm.class); /** * Return <code>true</code> if the specified Principal has the specified * security role, within the context of this Realm; otherwise return * <code>false</code>. * * For SSO security domain it creates a GenericPrincipal from * the active authenticated subject before checking roles. * * @param principal Principal for whom the role is to be checked * @param role Security role to be checked */ public boolean hasRole(Principal principal, String role) { boolean hasRole = false; logger.debug("hasRole(" + principal + "," + role + ")"); try { SecurityContext sc = JBossSecurityAssociationActions.getSecurityContext(); if (!isSSODomain(sc.getSecurityDomain())) { // This is not a SSO Security domain, let JBoss realm handle this ... return super.hasRole(principal, role); } //Subject callerSubject = JBossSecurityAssociationActions.getSubject(); Subject activeSubject = (Subject) PolicyContext.getContext(SecurityConstants.SUBJECT_CONTEXT_KEY); logger.debug("Authenticated Subject: " + activeSubject); CatalinaSSOUser ssoUser = CatalinaSSOUser.newInstance(this, activeSubject); hasRole = super.hasRole(ssoUser, role); } catch (NullPointerException npe) { // Just in case ... if (logger.isDebugEnabled()) logger.debug(npe); hasRole = super.hasRole(principal, role); } catch (PolicyContextException e) { logger.error(e, e); } return hasRole; } /** * Checks if the given domain is a SSO security domain. * * @param domain the security domain name to check * @return true if this is a SSO security domain. */ protected boolean isSSODomain(String domain) { boolean isSSODomain = "josso".equals(domain); if (logger.isDebugEnabled()) { logger.debug(" JBoss Security Domain [" + domain + "] is" + (isSSODomain ? "" : " not") + " under SSO Control"); } return isSSODomain; } }